Mac Store Apps Stopped Working Due To Expired Security Certificate

Oops! A number of users have been reporting error messages and other issues with software downloaded from the Mac App Store that prevented them from using their apps. The warnings prompted them to delete and then re-install their apps, but this was not necessarily correcting the problem, customers found. The issue, as it turned out, was related to Apple’s failure to renew a security certificate. And while Apple quickly addressed the problem by issuing a new certificate with an expiration date of 2035, many users continued to face problems. [Post updated: See further explanation below.]

In order to use their apps once again, customers needed to be online and reauthenticate with the Mac App Store using their Apple account information, but not everyone was able to do that immediately. Some had also forgotten their iCloud passwords, compounding the issue, reported The Guardian, citing Twitter users’ postings.

And the process of deleting and reinstalling all the applications customers ever bought on the Mac App Store certainly angered many as well, leading them to vent their frustrations on Twitter.

Users discovered the issue for themselves when they attempted to launch and run their apps. The error messages confused users by saying that the app was “damaged” and needed to be re-installed.

For developers, the situation was something of a customer service nightmare, too, as users would reach out to the app maker instead of assuming the problem was related to the Mac App Store itself. Meanwhile, there was nothing developers could actually do to address the issue on their own – as Apple needed to issue a new certificate. (Which it has now done.)

These security certificates are used to help prevent malware and other unauthorized applications from running on end users’ machines. But the issue has brought to light one of the challenges associated with a closed ecosystem like the Mac App Store when it comes to desktop applications.

While a centralized directory of “approved” apps makes things easier for consumers who no longer have to scour the web for software, it also introduces a single point of failure into the equation. It’s rare that a glitch of this size happens, but when it does, it can be fairly wide-reaching.

The problem was first spotted by Tapbots’ developer Paul Haddad on Wednesday, who realized the issue was related to an expired certificate.

Users have reported that they’ve solved the problem by logging out of the Mac App Store then signing back in. Others said a reboot fixed things.

As it turns out, the Mac App Store issue didn’t affect all the Mac store applications, though it did affect a fair number (more than a dozen, say, but fewer than 100). And it wasn’t entirely about a security certificate’s expiration.

Instead, what happened was that Apple made some assumptions about the technology app developers were using, and the testing process missed what turned out to be a big issue.

Apple issued a new, stronger Mac App Store certificate in September, before the older one expired, as planned. The new certificate used the current, strong SHA-2 algorithm, where the older one used SHA-1. However, some apps were running receipt validation code using very old versions of OpenSSL that don’t support SHA-2.

OpenSSL started supporting SHA-2 in 2005, which is why Apple didn’t foresee this issue. Apple has since returned the cert to SHA-1 and its developer relations team is now working with the apps in question to have them update their validation code.
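The failure mode described above, as an added example (not code from Apple, OpenSSL, or any affected app): a preflight check that reads the signature algorithm out of a certificate and compares it with the digests a validation library can handle. The certificate bytes are a constructed skeleton rather than a real certificate, and `LEGACY_DIGESTS` is an assumed stand-in for an OpenSSL build that predates SHA-2 support.

```python
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
            "1.2.840.113549.1.1.11": "sha256"}  # sha256WithRSAEncryption

def der(tag, body):
    n = len(body)                          # short length form below 128 bytes
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8       # long form: length-of-length, then length
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length bytes
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                     # base-128 digits, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_digest(cert):
    """Digest named by the certificate's outer signatureAlgorithm field."""
    _, start, _ = read_tlv(cert, 0)                # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)          # skip over tbsCertificate
    _, alg_start, _ = read_tlv(cert, tbs_end)      # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = decode_oid(cert[oid_start:oid_end])
    return SIG_OIDS.get(oid, "unknown:" + oid)

def can_validate(cert, digests):
    return signature_digest(cert) in digests

def skeleton(oid_hex):  # constructed certificate-shaped DER, not a real certificate
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, bytes(200)) + alg + der(0x03, bytes(17)))
OLD_CERT = skeleton("2a864886f70d010105")    # signed with SHA-1
NEW_CERT = skeleton("2a864886f70d01010b")    # signed with SHA-2 (SHA-256)
LEGACY_DIGESTS = {"md5", "sha1"}             # assumption: library without SHA-2
```

Running a check like this against every certificate in the chain, with the digest set of the oldest crypto library still shipping in the field, would flag the SHA-2 certificate before rollout instead of after.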

After the certificate was updated, some users had to restart their systems and re-authenticate with the Mac App Store to clear a system cache of some outdated certificate information, but only those using affected apps. That means not all users were affected.

The issue also highlighted the fact that Apple has no way to communicate with its larger development community or consumers via social media, when it comes to the Mac App Store. While the company wouldn’t have commented on the problem until it investigated further – and is still not commenting publicly – a Mac App Store Twitter account could have at least acknowledged the situation and said it was looking into a solution.